Merge "Revert "Add manager for access rules config""

keystone/access_rules_config/__init__.py

@@ -1,15 +0,0 @@
-# Copyright 2019 SUSE Linux GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.access_rules_config.core import *  # noqa

keystone/access_rules_config/core.py

@@ -1,59 +0,0 @@
-# Copyright 2019 SUSE Linux GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""List access rules."""
-
-from keystone.common import cache
-from keystone.common import manager
-import keystone.conf
-
-
-CONF = keystone.conf.CONF
-MEMOIZE = cache.get_memoization_decorator(group='access_rules_config')
-
-
-class Manager(manager.Manager):
-
-    driver_namespace = 'keystone.access_rules_config'
-    _provides_api = 'access_rules_config_api'
-
-    def __init__(self):
-        super(Manager, self).__init__(CONF.access_rules_config.driver)
-
-    def list_access_rules_config(self, service=None):
-        """List access rules config.
-
-        :param str service: filter by service type
-
-        :returns: a list of configured access rules. Access rules are
-                  permission objects composing of a service, a URL path, and an
-                  HTTP method.
-
-        """
-        return self.driver.list_access_rules_config(service)
-
-    @MEMOIZE
-    def check_access_rule(self, service, request_path, request_method):
-        """Check access rule.
-
-        :param str service: service type of rule to check
-        :param str request_path: endpoint path to check
-        :param str request_method: API HTTP method to check
-
-        :returns: boolean indicating whether the rule matches one of the
-                  configured access rules
-
-        """
-        return self.driver.check_access_rule(service, request_path,
-                                             request_method)

keystone/server/backends.py

@@ -13,7 +13,6 @@ import sys
 
 from oslo_log import log
 
-from keystone import access_rules_config
 from keystone import application_credential
 from keystone import assignment
 from keystone import auth
@@ -49,8 +48,7 @@ def load_backends():
     cache.configure_cache(region=identity.ID_MAPPING_REGION)
     cache.configure_invalidation_region()
 
-    managers = [access_rules_config.Manager,
-                application_credential.Manager, assignment.Manager,
+    managers = [application_credential.Manager, assignment.Manager,
                 catalog.Manager, credential.Manager,
                 credential.provider.Manager, resource.DomainConfigManager,
                 endpoint_policy.Manager, federation.Manager,

keystone/tests/unit/access_rules_config/test_backends.py

@@ -1,45 +0,0 @@
-# Copyright 2019 SUSE Linux GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import provider_api
-from keystone.tests import unit
-from keystone.tests.unit.ksfixtures import access_rules_config
-
-PROVIDERS = provider_api.ProviderAPIs
-
-
-class AccessRulesConfigTest(unit.TestCase):
-
-    def setUp(self):
-        super(AccessRulesConfigTest, self).setUp()
-        rules_file = '%s/access_rules.json' % unit.TESTCONF
-        self.useFixture(access_rules_config.AccessRulesConfig(
-            self.config_fixture, rules_file=rules_file))
-        self.load_backends()
-
-    def test_list_access_rules_config(self):
-        rules = PROVIDERS.access_rules_config_api.list_access_rules_config()
-        self.assertIn('identity', rules)
-        self.assertIn('image', rules)
-
-    def test_list_access_rules_config_for_service(self):
-        rules = PROVIDERS.access_rules_config_api.list_access_rules_config(
-            service='image')
-        self.assertNotIn('identity', rules)
-        self.assertIn('image', rules)
-
-    def test_check_access_rule(self):
-        result = PROVIDERS.access_rules_config_api.check_access_rule(
-            'identity', '/v3/users', 'GET')
-        self.assertTrue(result)